Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort dont understand pf (openbsd) format

From: kiko () async com br (Christian Robottom Reis)
Date: Wed, 1 Dec 2004 15:31:04 -0200
On Wed, Dec 01, 2004 at 12:03:48PM -0500, M. Shirk wrote:

I'm not sure which version of OpenBSD changed the format, but there is a 
new and an old format in OpenBSD 3.5's if_pflog.h. Snort's handling code 
matches the old format.

Looks like snort needs an update to support modern pf formats.



When I get home tonight, I can test with my OpenBSD Server(3.6 or current).
If someone else has already done this, please stop me before I start :-)


I suggest you take a look at the whole thread -- Breno and I ended up
hacking code to get it working. We have an ugly ne'r-do-well patch that
we'd like to polish for submission if noone beats us to it.


Also, I wonder if this has come up before on OpenBSD as far as the PORT of 
Snort that comes with the Releases of OpenBSD.


I haven't had a look. I suspect the same problem exists, because IIRC
one of our clients tried it before, but I could just be suffering from
exposure <wink>.

Take care,
--
Christian Robottom Reis | http://async.com.br/~kiko/ | [+55 16] 3361 2331


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: